Local Authentication

To perform this procedure, the UAAC client must be installed on the Ops Manager virtual machine (VM).

Open a terminal and SSH into the Ops Manager VM by following the instructions for your IaaS in the SSH into Ops Manager topic.

Navigate to the Ops Manager Installation Dashboard and select the BOSH Director tile. In BOSH Director, click the Status tab, and record the IP address.

Using the uaac target command, target BOSH Director UAA on port 8443 using the IP address you copied, and specify the location of the root certificate. The default location is /var/tempest/workspaces/default/root_ca_certificate.

Note: To obtain the password for the UAA login and admin clients, you can also curl or point your browser to the following endpoints: https://OPS-MANAGER-FQDN/api/v0/deployed/director/credentials/uaa_login_client_credentials and https://OPS-MANAGER-FQDN/api/v0/deployed/director/credentials/uaa_admin_user_credentials

You can now use the UAA client you created to run BOSH in automated or scripted environments, such as continuous integration pipelines.

Provision Admin Client

Pivotal does not support SAML authentication to the BOSH Director.
Ops Manager provides an option to create UAA clients during SAML configuration so that BOSH can be automated using scripts and tooling.

Select Provision an admin client in the Bosh UAA when configuring Ops Manager for SAML.

After deploying BOSH Director (BOSH), click the Status tab and record the IP address.

Click the Credentials tab in the BOSH Director tile.

Click the link for the Uaa Bosh Client Credentials to record the client name and secret.

Open a terminal and SSH into the Ops Manager VM. Follow the instructions for your IaaS in the SSH into Ops Manager topic.

Set the client and secret as environment variables on the Ops Manager VM.
export BOSH_CLIENT=bosh_admin_client
export BOSH_CLIENT_SECRET=UAA-BOSH-CLIENT-SECRET
Where:

UAA-BOSH-CLIENT-SECRET is the client secret you recorded in Step 4.
For example:
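For a pipeline, where the export lines cannot be typed by hand, the following added example (not part of the original documentation) loads the client secret from a file and refuses to proceed if that file is accessible to group or other users, or if the root certificate is missing. The function name load_bosh_client and the one-line secret file layout are assumptions; BOSH_CA_CERT is the BOSH CLI environment variable for the CA certificate path.

```shell
# Added example: load BOSH UAA client credentials for a scripted run.
# Assumption: SECRET_FILE holds only the client secret on its first line.

# Default root CA location given on this page.
DEFAULT_CA=/var/tempest/workspaces/default/root_ca_certificate

# load_bosh_client CLIENT_NAME SECRET_FILE [CA_CERT]
# Exports BOSH_CLIENT, BOSH_CLIENT_SECRET and BOSH_CA_CERT, or returns non-zero.
load_bosh_client() {
  local client="$1" secret_file="$2" ca="${3:-$DEFAULT_CA}"
  local perms secret

  [ -n "$client" ] || { echo "client name is empty" >&2; return 1; }
  [ -f "$secret_file" ] || { echo "secret file not found: $secret_file" >&2; return 1; }
  [ -r "$ca" ] || { echo "root CA not readable: $ca" >&2; return 1; }

  # Characters 5-10 of the ls mode string are the group and other bits.
  # Anything but "------" means someone besides the owner has access.
  perms=$(ls -ld "$secret_file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "refusing $secret_file: group/other permissions are $perms" >&2
    return 1
  fi

  # Take the first line only and drop CR/LF left by editors or copy-paste.
  secret=$(head -n 1 "$secret_file" | tr -d '\r\n')
  [ -n "$secret" ] || { echo "secret file is empty" >&2; return 1; }

  # The secret never appears on a command line or in shell history.
  export BOSH_CLIENT="$client"
  export BOSH_CLIENT_SECRET="$secret"
  export BOSH_CA_CERT="$ca"
}
```

Source the file and call `load_bosh_client bosh_admin_client /path/to/secret-file` before the first `bosh` command in the job.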